Vulmon
aurora vulnerabilities and exploits
NA
CVE-2007-6345
SQL injection vulnerability in aurora framework prior to 20071208 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained...
Aurora Aurora Framework
6.1
CVSSv3
CVE-2019-16238
Afterlogic Aurora up to and including 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.
Afterlogic Aurora
NA
CVE-2009-3365
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote malicious users to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
Traza Aurora 1.0.2
1 EDB exploit
5.3
CVSSv3
CVE-2021-33209
An issue exists in Fimer Aurora Vision prior to 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping a malicious user to enumerate usernames. This can make a brute-force attack easier.
Fimer Aurora Vision
4.3
CVSSv3
CVE-2021-33210
An issue exists in Fimer Aurora Vision prior to 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.
Fimer Aurora Vision
8.8
CVSSv3
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows malicious users to execute arbitrary code via supplying a crafted .sabredav file.
Afterlogic Aurora Files 9.7.3
9.8
CVSSv3
CVE-2021-26293
An issue exists in AfterLogic Aurora up to and including 8.5.3 and WebMail Pro up to and including 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Serve...
Afterlogic Aurora
Afterlogic Webmail Pro
1 Github repository
7.5
CVSSv3
CVE-2021-26294
An issue exists in AfterLogic Aurora up to and including 7.7.9 and WebMail Pro up to and including 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/...
Afterlogic Aurora
Afterlogic Webmail Pro
2 Github repositories
4.8
CVSSv3
CVE-2017-14597
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
Afterlogic Aurora 7.7.5
Afterlogic Webmail 7.7
6.1
CVSSv3
CVE-2019-19129
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
Afterlogic Aurora 8.3.11
Afterlogic Webmail Pro 8.3.11